Bump the github-actions group across 1 directory with 7 updates by dependabot[bot] · Pull Request #736 · zalando-incubator/stackset-controller

dependabot · 2026-06-03T15:23:54Z

Bumps the github-actions group with 7 updates in the / directory:

Package	From	To
actions/checkout	`2`	`6`
actions/setup-go	`2`	`6`
docker/login-action	`4.0.0`	`4.2.0`
docker/setup-qemu-action	`4.0.0`	`4.1.0`
docker/setup-buildx-action	`4.0.0`	`4.1.0`
docker/metadata-action	`6.0.0`	`6.1.0`
docker/build-push-action	`7.0.0`	`7.2.0`

Updates actions/checkout from 2 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
Additional commits viewable in compare view

Updates actions/setup-go from 2 to 6

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/setup-go#589

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-go#591

Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in actions/setup-go#590

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-go#594

Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in actions/setup-go#538

Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/setup-go#603

Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in actions/setup-go#618

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-go#631

New Contributors

@matthewhughes934 made their first contribution in actions/setup-go#618

@salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.6.0

What's Changed

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @aparnajyothi-y in actions/setup-go#689

Full Changelog: actions/setup-go@v5...v5.6.0

v5.5.0

What's Changed

Bug fixes:

Update self-hosted environment validation by @priyagupta108 in actions/setup-go#556

Add manifest validation and improve error handling by @priyagupta108 in actions/setup-go#586

Update template link by @jsoref in actions/setup-go#527

Dependency updates:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in actions/setup-go#574

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-go#573

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-go#582

Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in actions/setup-go#537

New Contributors

@jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

... (truncated)

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
Additional commits viewable in compare view

Updates docker/login-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/login-action#976

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960

Bump @docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970

Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985

Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963

Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961

Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979

Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991

Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits

650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
99df1a3 chore: update generated content
3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
4eefcd3 chore: update generated content
56d092c build(deps): bump @docker/actions-toolkit from 0.86.0 to 0.90.0
e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
0bced94 chore: update generated content
3e75a0f build(deps): bump @actions/core from 3.0.0 to 3.0.1
365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.1.0

Add reset input to uninstall current emulators by @crazy-max in docker/setup-qemu-action#21

Bump @docker/actions-toolkit from 0.77.0 to 0.91.0 in docker/setup-qemu-action#250 docker/setup-qemu-action#247

Bump brace-expansion from 1.1.12 to 1.1.15 in docker/setup-qemu-action#265

Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-qemu-action#286

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-qemu-action#255

Bump flatted from 3.3.3 to 3.4.2 in docker/setup-qemu-action#257

Bump glob from 10.3.15 to 10.5.0 in docker/setup-qemu-action#254

Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-qemu-action#262

Bump lodash from 4.17.23 to 4.18.1 in docker/setup-qemu-action#273

Bump postcss from 8.5.6 to 8.5.10 in docker/setup-qemu-action#285

Bump tar from 6.2.1 to 7.5.15 in docker/setup-qemu-action#287

Bump tmp from 0.2.5 to 0.2.6 in docker/setup-qemu-action#291

Bump undici from 6.23.0 to 6.26.0 in docker/setup-qemu-action#251

Bump vite from 7.3.1 to 7.3.2 in docker/setup-qemu-action#271

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

Commits

0611638 Merge pull request #21 from crazy-max/uninst
ce59c81 chore: update generated content
2ddad44 uninstall current emulators
8c37cd6 Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...
d1a0ff3 chore: update generated content
0a8f3dc build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
9430f61 Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6
978bd77 chore: update generated content
3479feb build(deps): bump tmp from 0.2.5 to 0.2.6
b113c26 Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/setup-buildx-action#489

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/setup-buildx-action#547 docker/setup-buildx-action#508

Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-buildx-action#540

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-buildx-action#496

Bump flatted from 3.3.3 to 3.4.2 in docker/setup-buildx-action#499

Bump glob from 10.3.12 to 13.0.6 in docker/setup-buildx-action#495

Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-buildx-action#504

Bump lodash from 4.17.23 to 4.18.1 in docker/setup-buildx-action#523

Bump picomatch from 4.0.3 to 4.0.4 in docker/setup-buildx-action#503

Bump postcss from 8.5.6 to 8.5.10 in docker/setup-buildx-action#537

Bump tar from 6.2.1 to 7.5.15 in docker/setup-buildx-action#545

Bump undici from 6.23.0 to 6.25.0 in docker/setup-buildx-action#492

Bump vite from 7.3.1 to 7.3.2 in docker/setup-buildx-action#520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits

d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
92bc5c9 chore: update generated content
da11e35 build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.90.0
f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
b5af94f chore: update generated content
16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
9725348 chore: update generated content
Additional commits viewable in compare view

Updates docker/metadata-action from 6.0.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/metadata-action#613

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/metadata-action#658 docker/metadata-action#630

Bump csv-parse from 6.1.0 to 6.2.1 in docker/metadata-action#617

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/metadata-action#620

Bump flatted from 3.3.3 to 3.4.2 in docker/metadata-action#623

Bump glob from 10.3.15 to 10.5.0 in docker/metadata-action#621

Bump handlebars from 4.7.8 to 4.7.9 in docker/metadata-action#629

Bump lodash from 4.17.23 to 4.18.1 in docker/metadata-action#639

Bump moment-timezone from 0.6.0 to 0.6.1 in docker/metadata-action#619

Bump picomatch from 4.0.3 to 4.0.4 in docker/metadata-action#626

Bump postcss from 8.5.6 to 8.5.10 in docker/metadata-action#649

Bump tar from 6.2.1 to 7.5.15 in docker/metadata-action#657

Bump undici from 6.23.0 to 6.25.0 in docker/metadata-action#614

Bump vite from 7.3.1 to 7.3.2 in docker/metadata-action#637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits

80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
8e0ddab chore: update generated content
a8db14b chore(deps): Bump @docker/actions-toolkit from 0.79.0 to 0.90.0
63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
c6916a6 chore: update generated content
aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
43dea76 chore: update generated content
7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
Additional commits viewable in compare view

Updates docker/build-push-action from 7.0.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/build-push-action#1525

Bump @docker/actions-toolkit from 0.87.0 to 0.90.0 in docker/build-push-action#1517

Bump brace-expansion from 2.0.2 to 5.0.6 in docker/build-push-action#1534

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/build-push-action#1529

Bump fast-xml-parser from 5.5.7 to 5.8.0 in docker/build-push-action#1521

Bump postcss from 8.5.6 to 8.5.10 in docker/build-push-action#1526

Bump tar from 6.2.1 to 7.5.15 in docker/build-push-action#1533

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

v7.1.0

Git context query format support by @crazy-max in docker/build-push-action#1505

Bump @docker/actions-toolkit from 0.79.0 to 0.87.0 by @crazy-max in docker/build-push-action#1505

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500

Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489

Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491

Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490

Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497

Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510

Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496

Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486

Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits

f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
812d5fd chore: update generated content
b6f6693 chore(deps): Bump @docker/actions-toolkit from 0.87.0 to 0.90.0
c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
51bb284 chore: update generated content
5f7884d chore(deps): Bump @actions/core from 3.0.0 to 3.0.1
e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
3804d49 chore: update generated content
71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `2` | `6` | | [actions/setup-go](https://github.com/actions/setup-go) | `2` | `6` | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.2.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.2.0` | Updates `actions/checkout` from 2 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v2...v6) Updates `actions/setup-go` from 2 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v2...v6) Updates `docker/login-action` from 4.0.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...650006c) Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@ce36039...0611638) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) Updates `docker/build-push-action` from 7.0.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@d08e5c3...f9f3042) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code major labels Jun 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 7 updates#736

Bump the github-actions group across 1 directory with 7 updates#736
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-9ec7c5f7e8

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Bug fixes:

Dependency updates:

New Contributors

v4.2.0

v4.1.0

v4.1.0

v4.1.0

v6.1.0

v7.2.0

v7.1.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants